The Hacker News — Cyber Security, Hacking, Technology News

"Privacy" is a bit of an Internet buzzword nowadays as the business model of the Internet has now shifted towards data collection.

Although Virtual Private Network (VPN) is one of the best solutions to protect your privacy and data on the Internet, you should be more vigilant while choosing a VPN service which actually respects your privacy.

If you are using popular free virtual private networking service Hotspot Shield, your data could be at a significant risk.

A privacy advocacy group has filed a complaint with the Federal Trade Commission (FTC) against virtual private networking provider Hotspot Shield for reportedly violating its own privacy policy of "complete anonymity" promised to its users.

The 14-page-long complaint filed Monday morning by the Centre for Democracy and Technology (CDT), a US non-profit advocacy group for digital rights, accused Hotspot Shield of allegedly tracking, intercepting and collecting its customers' data.

Developed by Anchorfree GmbH, Hotspot Shield is a VPN service available for free on Google Play Store and Apple Mac App Store with an estimated 500 million users around the world.

VPN is a set of networks conjugated together to establish secure connections over the Internet and encrypts your data, thereby securing your identity on the Internet and improving your online security and privacy.

The VPN services are mostly used by privacy advocates, journalists, digital activists and protesters to bypass censorship and geo-blocking of content.

Hotspot Shield does just Opposite of What All it Promises

The Hotspot Shield VPN app promises to "secure all online activities," hide users' IP addresses and their identities, protect them from tracking, and keep no connections logs while protecting its user’s internet traffic using an encrypted channel.

However, according to research conducted by the CDT along with Carnegie Mellon University, the Hotspot Shield app fails to live up to all promises and instead logs connections, monitors users' browsing habits, and redirects online traffic and sells customer data to advertisers.

"It is thusly unfair for Hotspot Shield to present itself as a 48 mechanism for protecting the privacy and security of consumer information while profiting off of that information by collecting and sharing access to it with undisclosed third parties," the CDT complaint reads.

"Consumers who employ Hotspot Shield VPN do so to protect their privacy, and Hotspot Shield’s use of aggressive logging practices and third-party partnerships harm its consumers' declared privacy interests."

Hotspot Shield also found injecting Javascript code using iframes for advertising and tracking purposes.

Reverse engineering of the apps source code also revealed that the VPN uses more than five different third-party tracking libraries.

Researchers also found that the VPN app discloses sensitive data, including names of wireless networks (via SSID/BSSID info), along with unique identifiers such as Media Access Control addresses, and device IMEI numbers.

The CDT also claims that the VPN service sometimes "redirects e-commerce traffic to partnering domains."

If users try to visit any commercial website, the VPN app redirects that traffic to partner sites, including ad companies, to generate revenue.

"For example, when a user connects through the VPN to access specific commercial web domains, including major online retailers like www.target.com and www.macys.com,the application can intercept and redirect HTTP requests to partner websites that include online advertising companies," the complaint reads.

The CDT wants the FTC to start an investigation into what the Hotspot Shield's "unfair and deceptive trade practices" and to order the company to stop mispresenting privacy and security promises while marketing its app.

PRIVACY – a bit of an Internet buzzword nowadays, because the business model of the Internet has now shifted towards data collection.

Today, most users surf the web unaware of the fact that websites and online services collect their personal information, including search histories, location, and buying habits and make millions by sharing your data with advertisers and marketers.

If this is not enough, then there are governments across the world conducting mass surveillance, and hackers and cyber criminals who can easily steal sensitive data from the ill-equipped networks, websites, and PCs.

So, what's the solution and how can you protect your privacy, defend against government surveillance and prevent malware attacks?

No matter which Internet connection you are using to go online, one of the most efficient solutions to maximize your privacy is to use a secure VPN service.

In this article, we have introduced two popular VPN services, TigerVPN and VPNSecure, which help you in many ways. But before talking about them, let's dig deeper into what is a VPN, importance of VPN and why you should use one.

What is a VPN & Why You Should Use It?

A VPN, or Virtual Private Network, is nothing but an encrypted tunnel between you and the Internet.

Once you connect directly to your VPN service, every Internet browsing activity of yours will go through the VPNs servers and blocks third parties, including government and your ISP, from snooping on your connection.

Unblock Websites & Bypass Internet Restrictions: VPN essentially hides your IP address, so your visits to any restricted sites do not register with the third-party, including your government or ISP, trying to block you, ensuring you enjoy the online freedom of speech.

Hide Your Browsing History From ISP: VPNs stop your ISP from logging your web visit, as the spying ISP will not be able to see what you are visiting on the Internet.

Multiple Device Supported: Many VPN services usually support multiple devices and work on all operating systems, such as Windows, Mac, Linux, Android, and iOS. With multiple device support, you can set up your PC, work computer and smartphone to access one VPN at the same time.

Get Best VPN Service — Lifetime Subscription

Dozens of companies today sell VPN services, and you can find plenty of reviews that can help you choose one.

But make sure to look for a VPN service that includes a large number of servers distributed worldwide, type of encryption, their privacy policies, speed and price.

If you are looking for an excellent and secure VPN service to start with, below we have introduced two best deals from THN Store, offering popular VPNs at highly discounted prices with lifetime access.

TigerVPN comes with a right mix of security, usability, and features, and supports Windows, Mac, Android, and iOS. It provides military grade encryption to make sure your entire communication on the Internet is end-to-end secure and protected.

The service doesn’t allow anyone, including your ISP or the government, to monitor, target or even sell your internet activity. With TigerVPN, you can enjoy the benefits of unlocking geo-restrictions from content providers like Netflix, Youtube, and many others with unlimited access to 15 VPN nodes across 11 countries.

The TigerVPN Lifetime Subscription is also available for just $39 at THN Deals Store, which without discount costs $780 — that's 95% off on its real value.

Over the past few years, Internet users globally have grown increasingly aware of online privacy and security issues due to mass monitoring and surveillance by government agencies, making them adopt encryption software and services.

But it turns out that hackers are taking advantage of this opportunity by creating and distributing fake versions of encryption tools in order to infect as many victims as possible.

Kaspersky Lab has revealed an advanced persistent threat (APT) group, nicknamed StrongPity, which has put a lot of efforts in targeting users of software designed for encrypting data and communications.

The StrongPity APT group has been using watering-hole attacks, infected installers, and malware for many years to target users of encryption software by compromising legitimate sites or setting up their own malicious copycat sites.

Watering hole attacks are designed to lure specific groups of users to their interest-based sites that typically house malicious files or redirect them to attacker-controlled downloads.

The StrongPity APT group has managed to infect users in Europe, Northern Africa, and the Middle East and targeted two free encryption utilities in different attacks: WinRAR and TrueCrypt.

WinRAR and TrueCrypt are long popular within security and privacy conscious users. WinRAR is best known for its archiving capabilities that encrypting files with AES-256 crypto, while TrueCrypt is a full-disk encryption utility that locks all files on a hard drive.

By setting up fake distribution sites that closely mimic legitimate download sites, StrongPity is able to trick users into downloading malicious versions of these encryption apps in hopes that users encrypt their data using a trojanized version of WinRAR or TrueCrypt apps, allowing attackers to spy on encrypted data before encryption occurred.

"The problem with people depending on tools like this isn’t the strength of the crypto, but more about how it's distributed," says Kurt Baumgartner, principal security researcher at Kaspersky Lab. "This is that problem that StrongPity is taking advantage of."

Booby-Trapped WinRAR and TrueCrypt Downloads

The APT group previously set up TrueCrypt-themed watering holes in late 2015, but their malicious activity surged in end of summer 2016.

Between July and September, dozens of visitors have redirected from tamindir[.]com to true-crypt[.]com with unsurprisingly almost all of the focus on computer systems in Turkey, with some victims in the Netherlands.

However, in WinRAR case, instead of redirecting victims to a website controlled by StrongPity, the group hijacked the legitimate winrar.it website to host a malicious version of the file themselves.

The winrar.it website infected users mostly in Italy, with some victims in countries like Belgium, Algeria, Tunisia, France, Morocco and Cote D'Ivoire, while the attackers controlled site, winrar.be, infected users in Belgium, Algeria, Morocco, the Netherlands, and Canada.

Top Countries infected with StrongPity APT malware

According to Kaspersky, more than 1,000 systems infected with StrongPity malware this year. The top five countries affected by the group are Italy, Turkey, Belgium, Algeria and France.

The StrongPity APT's dropper malware was signed with "unusual digital certificates," but the group didn't re-use its fake digital certificates. It downloaded components include a backdoor, keyloggers, data stealers and other crypto-related software programs, including the putty SSH client, the filezilla FTP client, the Winscp secure file transfer program and remote desktop clients.

The dropper malware not only provides the hackers control of the system, but also allows them to steal disk contents and download other malware that would steal communication and contact information.

Therefore, users visiting sites and downloading encryption-enabled software are advised to verify both the validity of the distribution website as well as the integrity of the downloaded file itself.

Download sites that not use PGP or any strong digital code signing certificate are required to re-examine the necessity of doing so for the benefits of them as well as their own customers, explained Baumgartner.